Fingerprint sensor worries senator

AP, NEW YORK

Sun, Sep 22, 2013 - Page 13

A US senator is asking Apple for more clarity on privacy and security concerns he has with the use of fingerprint-recognition technology in the new iPhone 5S.

The iPhone 5S, which went on sale on Friday, includes a fingerprint sensor that lets users tap the home button to unlock their smartphone, rather than enter a four-digit passcode.

However, US Senator Al Franken said that the fingerprint system could be potentially disastrous for users if someone does eventually hack it. While a password can be kept a secret and changed if it is hacked, fingerprints are permanent and are left on everything a person touches, making them far from a secret, he said.

“Let me put it this way: If hackers get a hold of your thumbprint, they could use it to identify and impersonate you for the rest of your life,” the Democrat said in a letter to Apple CEO Tim Cook.

However, the company has said that this kind of technology significantly boosts security for users.

Apple said the fingerprint data is stored on the iPhone in a place that is inaccessible to other apps and to Apple’s remote servers. Apple also has put in a number of safeguards, including requiring a passcode after a restart and 48 hours of inactivity. In addition, Apple says it is not possible to take an existing fingerprint and convert it into something the phone will recognize, as the sensor reads a sub-epidermal layer of the finger.

Apple’s fingerprint technology seems different and possibly more accurate than older readers, so most people should not need to worry, Neohapsis security consultant Joe Schumacher said.

It could still be “a risk for any possible targeted individual,” and much of the risk comes from not knowing many details, he said.

“There is a big security risk with Touch ID without explicit understanding of how Apple is handling this data from storage to sharing with other entities,” he said in a statement.

Meanwhile, anyone worried about fingerprint scan has the option of disabling the feature and sticking with the passcode.